GHSA-7r36-jf3c-jhp4

Опубликовано: 13 мая 2022

Источник: github

Github: Прошло ревью

CVSS3: 9.8

Описание

Duplicate Advisory: tgstation-server vulnerable to cached user logins in legacy server

Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-42r6-p4px-qvv6. This link is maintained to preserve external references.

Original Description

In Tgstation tgstation-server 3.2.4.0 through 3.2.1.0 (fixed in 3.2.5.0), active logins would be cached, allowing subsequent logins to succeed with any username or password.

Ссылки

https://nvd.nist.gov/vuln/detail/CVE-2018-17107
https://github.com/tgstation/tgstation-server/issues/690

Пакеты

Наименование

TGServiceInterface

nuget

Затронутые версииВерсия исправления

>= 3.2.1.0, <= 3.2.4.0

3.2.5.0

9.8 Critical

CVSS3

9.8 Critical

CVSS3